[packagekit] SELinux issues
David Zeuthen
david at fubar.dk
Thu Oct 11 16:08:44 PDT 2007
On Fri, 2007-10-12 at 00:31 +0200, Matej Cepl wrote:
> Hi,
>
> I don't know how much do you want to get involved with SELinux in
> this early stage of the development,
The thing is that SELinux needs to allow
/lib/dbus-1/dbus-daemon-launch-helper
to transition to the security context that the process it is launching
is should run in (usually unconfined_t or similar). So it's really a
SELinux bug in the policy for D-Bus; anything activated by the system
message bus will suffer from this.
(FWIW, I've told Dan Walsh already; I should probably file a bug too.)
Only when the above is in place, it makes sense to start confining the
PackageKit mechanism itself.
David
More information about the PackageKit
mailing list